From f619ebdf54afc6c0ab4264de2f8874176caacf35 Mon Sep 17 00:00:00 2001
From: Alvaro Lopez Garcia
Date: Thu, 8 Aug 2024 15:55:06 +0200
Subject: [PATCH] ci: fix package build, using trusted publisher
---
 .github/workflows/python-publish.yml | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/python-publish.yml b/.github/workflows/python-publish.yml
index fc29fc0f..3b536c96 100644
--- a/.github/workflows/python-publish.yml
+++ b/.github/workflows/python-publish.yml
@@ -32,8 +32,13 @@ jobs:
 run: tox
 publish:
+ name: upload release to PyPI
 runs-on: ubuntu-latest
 needs: test
+ environment: release
+ permissions:
+ # IMPORTANT: this permission is mandatory for trusted publishing
+ id-token: write
 steps:
 - uses: actions/checkout@v3
@@ -47,11 +52,9 @@ jobs:
 python -m pip install --upgrade pip
 python -m pip install poetry poetry poetry-plugin-export
- - name: Build and publish
- env:
- TWINE_USERNAME: "__token__"
- TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }}
- run: |
- poetry build
- poetry publish
+ - name: Build
+ run: poetry build
+
+ - name: publish
+ uses: pypa/gh-action-pypi-publish@release/v1
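Review bot: The new job-level `permissions:` block lists only `id-token: write`, and once a job declares permissions every scope it does not list is set to none, so the `actions/checkout@v3` step a few lines further down runs without `contents: read`. That still works on a public repository but fails the checkout on a private or internal one; I would add `contents: read` next to `id-token: write` so the job states everything it needs. `environment: release` only gates the upload if that environment has protection rules and the PyPI trusted-publisher entry names it, neither of which can be seen from this hunk. The `publish` job's steps continue outside the hunk.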
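Review bot: `uses: pypa/gh-action-pypi-publish@release/v1` in the second hunk follows a branch that can move, and it runs in the job that holds `id-token: write`, so whatever that ref points to at release time can obtain the PyPI upload credential. Pin it to a reviewed full commit SHA, e.g. `uses: pypa/gh-action-pypi-publish@<full-commit-sha>  # release/v1`, and let a dependency-update bot propose the bumps. The unpinned `pip install poetry ...` step and `poetry build` also run inside this privileged job; building in a separate job without `id-token` and handing `dist/` over as an artifact would keep the build toolchain away from the publishing identity. Since `secrets.PYPI_TOKEN` is no longer referenced, the token should be revoked on PyPI and deleted from the repository secrets.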